I have an abstract class that is extended by pages that require a
login. This seems to work except for on the page where I actually
manage the users. It appears that the session state object is creating
itself.
There is a user session state object. If someone tries to go to an
authenticated page, userExists is checked. If it is false then the
browser is redirected to the login page.
It appears that the user session state object is being created on its
own somehow which lets you access the page without logging in. The
properties of this phantom user object are all set to
"ApplicationStateManager". (For example user.username is set to
ApplicationStateManager.) Is this a bug or am I misunderstanding how
things work? It seems to work fine on other pages that don't deal
with user management.
Am I somehow creating the session state object using some sort of
convention I'm unaware of?
Mark
public class AbstractAuthenticatedPage {
@Inject
private Logger _logger;
@Property
@SessionState
private User user;
private boolean userExists;
@InjectPage
private Login loginPage;
Object onActivate() {
if(!userExists) {
_logger.debug("User does not exist, sending to login
page");
loginPage.setNext(this.getClass());
return loginPage;
}
return null;
}
}
public class ManageUsers extends AbstractAuthenticatedPage{
@Inject
private IDataSource ds;
@Property
private User aUser;
@Persist("flash")
@Property
private User newUser;
public Object onActivate() {
newUser = new User();
return null;
}
public List<User> getAllUsers() {
return ds.getAllUsers();
}
public void onSuccessFromNewUserForm() {
ds.addUser(newUser);
newUser = new User();
}
public void onActionFromRemoveUser(String userName) {
ds.deleteUser(userName);
}
}
